From e25a025f9ed15f37c114e84484df3d77d392c09a Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Mon, 19 Aug 2013 14:45:55 +0100 Subject: apache2: update to 2.4.6 Signed-off-by: Paul Eggleton --- .../apache2-2.4.4/apache-configure_perlbin.patch | 37 --- .../apache2-2.4.4/apache-ssl-ltmain-rpath.patch | 76 ------ .../apache2/apache2-2.4.4/fix-libtool-name.patch | 55 ----- .../apache2-2.4.4/httpd-2.4.1-corelimit.patch | 37 --- .../apache2-2.4.4/httpd-2.4.1-selinux.patch | 63 ----- .../apache2/apache2-2.4.4/httpd-2.4.4-export.patch | 22 -- .../apache2-2.4.4/httpd-2.4.4-r1332643.patch | 260 --------------------- .../replace-lynx-to-curl-in-apachectl-script.patch | 52 ----- .../apache2/apache2-2.4.4/server-makefile.patch | 11 - .../apache2-2.4.6/apache-configure_perlbin.patch | 37 +++ .../apache2-2.4.6/apache-ssl-ltmain-rpath.patch | 76 ++++++ .../apache2/apache2-2.4.6/fix-libtool-name.patch | 55 +++++ .../apache2-2.4.6/httpd-2.4.1-corelimit.patch | 37 +++ .../apache2-2.4.6/httpd-2.4.1-selinux.patch | 63 +++++ .../apache2/apache2-2.4.6/httpd-2.4.4-export.patch | 22 ++ .../apache2-2.4.6/httpd-2.4.4-r1332643.patch | 260 +++++++++++++++++++++ .../replace-lynx-to-curl-in-apachectl-script.patch | 52 +++++ .../apache2/apache2-2.4.6/server-makefile.patch | 11 + .../recipes-httpd/apache2/apache2-native_2.4.4.bb | 42 ---- .../recipes-httpd/apache2/apache2-native_2.4.6.bb | 42 ++++ .../recipes-httpd/apache2/apache2_2.4.4.bb | 132 ----------- .../recipes-httpd/apache2/apache2_2.4.6.bb | 132 +++++++++++ 22 files changed, 787 insertions(+), 787 deletions(-) delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-configure_perlbin.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-ssl-ltmain-rpath.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/fix-libtool-name.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-corelimit.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-export.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-r1332643.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/replace-lynx-to-curl-in-apachectl-script.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.4/server-makefile.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-configure_perlbin.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-ssl-ltmain-rpath.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/fix-libtool-name.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-corelimit.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-selinux.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-export.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/replace-lynx-to-curl-in-apachectl-script.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/server-makefile.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-native_2.4.4.bb create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-native_2.4.6.bb delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2_2.4.4.bb create mode 100644 meta-webserver/recipes-httpd/apache2/apache2_2.4.6.bb diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-configure_perlbin.patch deleted file mode 100644 index baa739fd44..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-configure_perlbin.patch +++ /dev/null @@ -1,37 +0,0 @@ -# Author: echo -# Date: April 28 2009 -# Summary:Fix perl install directory to /usr/bin -# -# Upstream-Status: Inappropriate [configuration] - ---- a/configure -+++ b/configure -@@ -22365,13 +22365,7 @@ - #define APACHE_MPM_DIR "$MPM_DIR" - _ACEOF - -- --perlbin=`$ac_aux_dir/PrintPath perl` --if test "x$perlbin" = "x"; then -- perlbin="/replace/with/path/to/perl/interpreter" --fi -- -- -+perlbin='/usr/bin/perl' - - BSD_MAKEFILE=no - ap_make_include=include ---- a/configure.in -+++ b/configure.in -@@ -638,10 +638,7 @@ - AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", - [Location of the source for the current MPM]) - --perlbin=`$ac_aux_dir/PrintPath perl` --if test "x$perlbin" = "x"; then -- perlbin="/replace/with/path/to/perl/interpreter" --fi -+perlbin='/usr/bin/perl' - AC_SUBST(perlbin) - - dnl If we are running on BSD/OS, we need to use the BSD .include syntax. diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-ssl-ltmain-rpath.patch deleted file mode 100644 index 3a59fb0799..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/apache-ssl-ltmain-rpath.patch +++ /dev/null @@ -1,76 +0,0 @@ ---- httpd-2.2.8.orig/build/ltmain.sh -+++ httpd-2.2.8/build/ltmain.sh -@@ -1515,7 +1515,7 @@ EOF - dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` - # We need an absolute path. - case $dir in -- [\\/]* | [A-Za-z]:[\\/]*) ;; -+ =* | [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - absdir=`cd "$dir" && pwd` - if test -z "$absdir"; then -@@ -2558,7 +2558,7 @@ EOF - $echo "*** $linklib is not portable!" - fi - if test "$linkmode" = lib && -- test "$hardcode_into_libs" = yes; then -+ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. -@@ -2832,7 +2832,7 @@ EOF - - if test "$linkmode" = lib; then - if test -n "$dependency_libs" && -- { test "$hardcode_into_libs" != yes || -+ { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || - test "$build_old_libs" = yes || - test "$link_static" = yes; }; then - # Extract -R from dependency_libs -@@ -3426,7 +3426,8 @@ EOF - *) finalize_rpath="$finalize_rpath $libdir" ;; - esac - done -- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then -+ if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || -+ test "$build_old_libs" = yes; then - dependency_libs="$temp_xrpath $dependency_libs" - fi - fi -@@ -3843,7 +3844,7 @@ EOF - case $archive_cmds in - *\$LD\ *) wl= ;; - esac -- if test "$hardcode_into_libs" = yes; then -+ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then - # Hardcode the library paths - hardcode_libdirs= - dep_rpath= -@@ -4397,6 +4398,27 @@ EOF - # Now hardcode the library paths - rpath= - hardcode_libdirs= -+ -+ # short circuit putting rpaths in executables -+ # -+ if test "x$wrs_use_rpaths" != "xyes" ; then -+ flag= -+ for libdir in $compile_rpath; do -+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in -+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; -+ esac -+ done -+ compile_rpath="$flag" -+ -+ flag= -+ for libdir in $finalize_rpath; do -+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in -+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; -+ esac -+ done -+ finalize_rpath="$flag" -+ fi -+ - for libdir in $compile_rpath $finalize_rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/fix-libtool-name.patch deleted file mode 100644 index 027af04c3b..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/fix-libtool-name.patch +++ /dev/null @@ -1,55 +0,0 @@ -Fix build scripts to use correct libtool filename - -Upstream-Status: Inappropriate [configuration] - ---- - httpd-2.4.2/build/config_vars.sh.in | 2 +- - httpd-2.4.2/configure | 2 +- - httpd-2.4.2/configure.in | 2 +- - httpd-2.4.2/support/apxs.in | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - ---- a/build/config_vars.sh.in -+++ b/build/config_vars.sh.in -@@ -35,7 +35,7 @@ else - APU_CONFIG=@APU_CONFIG@ - fi - --APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" -+APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" - APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" - test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" - ---- a/configure -+++ b/configure -@@ -6205,7 +6205,7 @@ case $host in - if test "x$LTFLAGS" = "x"; then - LTFLAGS='--silent' - fi -- my_libtool=`$apr_config --apr-libtool` -+ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` - LIBTOOL="$my_libtool \$(LTFLAGS)" - libtoolversion=`$my_libtool --version` - case $libtoolversion in ---- a/configure.in -+++ b/configure.in -@@ -264,7 +264,7 @@ case $host in - if test "x$LTFLAGS" = "x"; then - LTFLAGS='--silent' - fi -- my_libtool=`$apr_config --apr-libtool` -+ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` - LIBTOOL="$my_libtool \$(LTFLAGS)" - libtoolversion=`$my_libtool --version` - case $libtoolversion in ---- a/support/apxs.in -+++ b/support/apxs.in -@@ -352,7 +352,7 @@ if ($apr_major_version < 2) { - } - } - --my $libtool = `$apr_config --apr-libtool`; -+my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; - chomp($libtool); - - my $apr_includedir = `$apr_config --includes`; diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-corelimit.patch deleted file mode 100644 index 18e4107ec7..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-corelimit.patch +++ /dev/null @@ -1,37 +0,0 @@ - -Bump up the core size limit if CoreDumpDirectory is -configured. - -Upstream-Status: Pending - -Note: upstreaming was discussed but there are competing desires; - there are portability oddities here too. - ---- httpd-2.4.1/server/core.c.corelimit -+++ httpd-2.4.1/server/core.c -@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * - } - apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, - apr_pool_cleanup_null); -+ -+#ifdef RLIMIT_CORE -+ if (ap_coredumpdir_configured) { -+ struct rlimit lim; -+ -+ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { -+ lim.rlim_cur = lim.rlim_max; -+ if (setrlimit(RLIMIT_CORE, &lim) == 0) { -+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, -+ "core dump file size limit raised to %lu bytes", -+ lim.rlim_cur); -+ } else { -+ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, -+ "core dump file size is zero, setrlimit failed"); -+ } -+ } -+ } -+#endif -+ - return OK; - } - diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch deleted file mode 100644 index 873328d9b5..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch +++ /dev/null @@ -1,63 +0,0 @@ - -Log the SELinux context at startup. - -Upstream-Status: Inappropriate [other] - -Note: unlikely to be any interest in this upstream - ---- httpd-2.4.1/configure.in.selinux -+++ httpd-2.4.1/configure.in -@@ -458,6 +458,11 @@ fopen64 - dnl confirm that a void pointer is large enough to store a long integer - APACHE_CHECK_VOID_PTR_LEN - -+AC_CHECK_LIB(selinux, is_selinux_enabled, [ -+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) -+ APR_ADDTO(AP_LIBS, [-lselinux]) -+]) -+ - AC_CACHE_CHECK([for gettid()], ac_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE - #include ---- httpd-2.4.1/server/core.c.selinux -+++ httpd-2.4.1/server/core.c -@@ -58,6 +58,10 @@ - #include - #endif - -+#ifdef HAVE_SELINUX -+#include -+#endif -+ - /* LimitRequestBody handling */ - #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) - #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * - } - #endif - -+#ifdef HAVE_SELINUX -+ { -+ static int already_warned = 0; -+ int is_enabled = is_selinux_enabled() > 0; -+ -+ if (is_enabled && !already_warned) { -+ security_context_t con; -+ -+ if (getcon(&con) == 0) { -+ -+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, -+ "SELinux policy enabled; " -+ "httpd running as context %s", con); -+ -+ already_warned = 1; -+ -+ freecon(con); -+ } -+ } -+ } -+#endif -+ - return OK; - } - diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-export.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-export.patch deleted file mode 100644 index afbed8e550..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-export.patch +++ /dev/null @@ -1,22 +0,0 @@ - -There is no need to "suck in" the apr/apr-util symbols when using -a shared libapr{,util}, it just bloats the symbol table; so don't. - -Upstream-HEAD: needed -Upstream-2.0: omit -Upstream-Status: Pending - -Note: EXPORT_DIRS change is conditional on using shared apr - ---- httpd-2.4.4/server/Makefile.in.export -+++ httpd-2.4.4/server/Makefile.in -@@ -57,9 +57,6 @@ export_files: - ( for dir in $(EXPORT_DIRS); do \ - ls $$dir/*.h ; \ - done; \ -- for dir in $(EXPORT_DIRS_APR); do \ -- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ -- done; \ - ) | sed -e s,//,/,g | sort -u > $@ - - exports.c: export_files diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-r1332643.patch deleted file mode 100644 index ba282319d2..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.4-r1332643.patch +++ /dev/null @@ -1,260 +0,0 @@ -Add support for TLS Next Protocol Negotiation: - -* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new - hooks for next protocol advertisement/discovery. - -* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable - NPN advertisement callback in handshake. - -* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke - next-protocol discovery hook. - -* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): - New callback. - -* modules/ssl/ssl_private.h: Add prototype. - -Submitted by: Matthew Steele - with slight tweaks by jorton - -https://bugzilla.redhat.com//show_bug.cgi?id=809599 - -http://svn.apache.org/viewvc?view=revision&revision=1332643 - -Upstream-Status: Backport - ---- httpd-2.4.4/modules/ssl/ssl_private.h -+++ httpd-2.4.4/modules/ssl/ssl_private.h -@@ -139,6 +139,11 @@ - #define HAVE_FIPS - #endif - -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ -+ && !defined(OPENSSL_NO_TLSEXT) -+#define HAVE_TLS_NPN -+#endif -+ - #if (OPENSSL_VERSION_NUMBER >= 0x10000000) - #define MODSSL_SSL_CIPHER_CONST const - #define MODSSL_SSL_METHOD_CONST const -@@ -840,6 +845,7 @@ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); - int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, - EVP_CIPHER_CTX *, HMAC_CTX *, int); - #endif -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); - - /** Session Cache Support */ - void ssl_scache_init(server_rec *, apr_pool_t *); ---- httpd-2.4.4/modules/ssl/mod_ssl.c -+++ httpd-2.4.4/modules/ssl/mod_ssl.c -@@ -272,6 +272,18 @@ static const command_rec ssl_config_cmds[] = { - AP_END_CMD - }; - -+/* Implement 'modssl_run_npn_advertise_protos_hook'. */ -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( -+ modssl, AP, int, npn_advertise_protos_hook, -+ (conn_rec *connection, apr_array_header_t *protos), -+ (connection, protos), OK, DECLINED); -+ -+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( -+ modssl, AP, int, npn_proto_negotiated_hook, -+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), -+ (connection, proto_name, proto_name_len), OK, DECLINED); -+ - /* - * the various processing hooks - */ ---- httpd-2.4.4/modules/ssl/mod_ssl.h -+++ httpd-2.4.4/modules/ssl/mod_ssl.h -@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); - - APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); - -+/** The npn_advertise_protos optional hook allows other modules to add entries -+ * to the list of protocol names advertised by the server during the Next -+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is -+ * given the connection and an APR array; it should push one or more char*'s -+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto -+ * the array and return OK, or do nothing and return DECLINED. */ -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, -+ (conn_rec *connection, apr_array_header_t *protos)); -+ -+/** The npn_proto_negotiated optional hook allows other modules to discover the -+ * name of the protocol that was chosen during the Next Protocol Negotiation -+ * (NPN) portion of the SSL handshake. Note that this may be the empty string -+ * (in which case modules should probably assume HTTP), or it may be a protocol -+ * that was never even advertised by the server. The hook callee is given the -+ * connection, a non-null-terminated string containing the protocol name, and -+ * the length of the string; it should do something appropriate (i.e. insert or -+ * remove filters) and return OK, or do nothing and return DECLINED. */ -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, -+ (conn_rec *connection, const char *proto_name, -+ apr_size_t proto_name_len)); -+ - #endif /* __MOD_SSL_H__ */ - /** @} */ ---- httpd-2.4.4/modules/ssl/ssl_engine_init.c -+++ httpd-2.4.4/modules/ssl/ssl_engine_init.c -@@ -725,6 +725,11 @@ static void ssl_init_ctx_callbacks(server_rec *s, - #endif - - SSL_CTX_set_info_callback(ctx, ssl_callback_Info); -+ -+#ifdef HAVE_TLS_NPN -+ SSL_CTX_set_next_protos_advertised_cb( -+ ctx, ssl_callback_AdvertiseNextProtos, NULL); -+#endif - } - - static void ssl_init_ctx_verify(server_rec *s, ---- httpd-2.4.4/modules/ssl/ssl_engine_io.c -+++ httpd-2.4.4/modules/ssl/ssl_engine_io.c -@@ -28,6 +28,7 @@ - core keeps dumping.'' - -- Unknown */ - #include "ssl_private.h" -+#include "mod_ssl.h" - #include "apr_date.h" - - /* _________________________________________________________________ -@@ -297,6 +298,7 @@ typedef struct { - apr_pool_t *pool; - char buffer[AP_IOBUFSIZE]; - ssl_filter_ctx_t *filter_ctx; -+ int npn_finished; /* 1 if NPN has finished, 0 otherwise */ - } bio_filter_in_ctx_t; - - /* -@@ -1385,6 +1387,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, - APR_BRIGADE_INSERT_TAIL(bb, bucket); - } - -+#ifdef HAVE_TLS_NPN -+ /* By this point, Next Protocol Negotiation (NPN) should be completed (if -+ * our version of OpenSSL supports it). If we haven't already, find out -+ * which protocol was decided upon and inform other modules by calling -+ * npn_proto_negotiated_hook. */ -+ if (!inctx->npn_finished) { -+ const unsigned char *next_proto = NULL; -+ unsigned next_proto_len = 0; -+ -+ SSL_get0_next_proto_negotiated( -+ inctx->ssl, &next_proto, &next_proto_len); -+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, -+ "SSL NPN negotiated protocol: '%s'", -+ apr_pstrmemdup(f->c->pool, (const char*)next_proto, -+ next_proto_len)); -+ modssl_run_npn_proto_negotiated_hook( -+ f->c, (const char*)next_proto, next_proto_len); -+ inctx->npn_finished = 1; -+ } -+#endif -+ - return APR_SUCCESS; - } - -@@ -1866,6 +1889,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, - inctx->block = APR_BLOCK_READ; - inctx->pool = c->pool; - inctx->filter_ctx = filter_ctx; -+ inctx->npn_finished = 0; - } - - /* The request_rec pointer is passed in here only to ensure that the ---- httpd-2.4.4/modules/ssl/ssl_engine_kernel.c -+++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c -@@ -29,6 +29,7 @@ - time I was too famous.'' - -- Unknown */ - #include "ssl_private.h" -+#include "mod_ssl.h" - #include "util_md5.h" - - static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); -@@ -2186,3 +2187,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) - } - - #endif /* OPENSSL_NO_SRP */ -+ -+#ifdef HAVE_TLS_NPN -+/* -+ * This callback function is executed when SSL needs to decide what protocols -+ * to advertise during Next Protocol Negotiation (NPN). It must produce a -+ * string in wire format -- a sequence of length-prefixed strings -- indicating -+ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb -+ * in OpenSSL for reference. -+ */ -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, -+ unsigned int *size_out, void *arg) -+{ -+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); -+ apr_array_header_t *protos; -+ int num_protos; -+ unsigned int size; -+ int i; -+ unsigned char *data; -+ unsigned char *start; -+ -+ *data_out = NULL; -+ *size_out = 0; -+ -+ /* If the connection object is not available, then there's nothing for us -+ * to do. */ -+ if (c == NULL) { -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ /* Invoke our npn_advertise_protos hook, giving other modules a chance to -+ * add alternate protocol names to advertise. */ -+ protos = apr_array_make(c->pool, 0, sizeof(char*)); -+ modssl_run_npn_advertise_protos_hook(c, protos); -+ num_protos = protos->nelts; -+ -+ /* We now have a list of null-terminated strings; we need to concatenate -+ * them together into a single string, where each protocol name is prefixed -+ * by its length. First, calculate how long that string will be. */ -+ size = 0; -+ for (i = 0; i < num_protos; ++i) { -+ const char *string = APR_ARRAY_IDX(protos, i, const char*); -+ unsigned int length = strlen(string); -+ /* If the protocol name is too long (the length must fit in one byte), -+ * then log an error and skip it. */ -+ if (length > 255) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, -+ "SSL NPN protocol name too long (length=%u): %s", -+ length, string); -+ continue; -+ } -+ /* Leave room for the length prefix (one byte) plus the protocol name -+ * itself. */ -+ size += 1 + length; -+ } -+ -+ /* If there is nothing to advertise (either because no modules added -+ * anything to the protos array, or because all strings added to the array -+ * were skipped), then we're done. */ -+ if (size == 0) { -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ /* Now we can build the string. Copy each protocol name string into the -+ * larger string, prefixed by its length. */ -+ data = apr_palloc(c->pool, size * sizeof(unsigned char)); -+ start = data; -+ for (i = 0; i < num_protos; ++i) { -+ const char *string = APR_ARRAY_IDX(protos, i, const char*); -+ apr_size_t length = strlen(string); -+ *start = (unsigned char)length; -+ ++start; -+ memcpy(start, string, length * sizeof(unsigned char)); -+ start += length; -+ } -+ -+ /* Success. */ -+ *data_out = data; -+ *size_out = size; -+ return SSL_TLSEXT_ERR_OK; -+} -+#endif diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/replace-lynx-to-curl-in-apachectl-script.patch deleted file mode 100644 index 584ddc8d94..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/replace-lynx-to-curl-in-apachectl-script.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 -From: Yulong Pei -Date: Thu, 1 Sep 2011 01:03:14 +0800 -Subject: [PATCH] replace lynx to curl in apachectl script - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Yulong Pei ---- - support/apachectl.in | 14 ++++++++++---- - 1 files changed, 10 insertions(+), 4 deletions(-) - -diff --git a/support/apachectl.in b/support/apachectl.in -index d4dff38..109ea13 100644 ---- a/support/apachectl.in -+++ b/support/apachectl.in -@@ -51,11 +51,11 @@ fi - # a command that outputs a formatted text version of the HTML at the - # url given on the command line. Designed for lynx, however other - # programs may work. --LYNX="@LYNX_PATH@ -dump" -+CURL="/usr/bin/curl" - # - # the URL to your server's mod_status status page. If you do not - # have one, then status and fullstatus will not work. --STATUSURL="http://localhost:@PORT@/server-status" -+STATUSURL="http://localhost:@PORT@/" - # - # Set this variable to a command that increases the maximum - # number of file descriptors allowed per child process. This is -@@ -91,10 +91,16 @@ configtest) - ERROR=$? - ;; - status) -- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' -+ $CURL -s $STATUSURL | grep -o "It works!" -+ if [ $? != 0 ] ; then -+ echo The httpd server does not work! -+ fi - ;; - fullstatus) -- $LYNX $STATUSURL -+ $CURL -s $STATUSURL | grep -o "It works!" -+ if [ $? != 0 ] ; then -+ echo The httpd server does not work! -+ fi - ;; - *) - $HTTPD $ARGV --- -1.6.4 - diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/server-makefile.patch deleted file mode 100644 index f1349cb6a4..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/server-makefile.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 -+++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 -@@ -27,7 +27,7 @@ - $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) - - test_char.h: gen_test_char -- ./gen_test_char > test_char.h -+ gen_test_char > test_char.h - - util.lo: test_char.h - diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-configure_perlbin.patch new file mode 100644 index 0000000000..baa739fd44 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-configure_perlbin.patch @@ -0,0 +1,37 @@ +# Author: echo +# Date: April 28 2009 +# Summary:Fix perl install directory to /usr/bin +# +# Upstream-Status: Inappropriate [configuration] + +--- a/configure ++++ b/configure +@@ -22365,13 +22365,7 @@ + #define APACHE_MPM_DIR "$MPM_DIR" + _ACEOF + +- +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi +- +- ++perlbin='/usr/bin/perl' + + BSD_MAKEFILE=no + ap_make_include=include +--- a/configure.in ++++ b/configure.in +@@ -638,10 +638,7 @@ + AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", + [Location of the source for the current MPM]) + +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi ++perlbin='/usr/bin/perl' + AC_SUBST(perlbin) + + dnl If we are running on BSD/OS, we need to use the BSD .include syntax. diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-ssl-ltmain-rpath.patch new file mode 100644 index 0000000000..3a59fb0799 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-ssl-ltmain-rpath.patch @@ -0,0 +1,76 @@ +--- httpd-2.2.8.orig/build/ltmain.sh ++++ httpd-2.2.8/build/ltmain.sh +@@ -1515,7 +1515,7 @@ EOF + dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` + # We need an absolute path. + case $dir in +- [\\/]* | [A-Za-z]:[\\/]*) ;; ++ =* | [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then +@@ -2558,7 +2558,7 @@ EOF + $echo "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && +- test "$hardcode_into_libs" = yes; then ++ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. +@@ -2832,7 +2832,7 @@ EOF + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && +- { test "$hardcode_into_libs" != yes || ++ { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs +@@ -3426,7 +3426,8 @@ EOF + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done +- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then ++ if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || ++ test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi +@@ -3843,7 +3844,7 @@ EOF + case $archive_cmds in + *\$LD\ *) wl= ;; + esac +- if test "$hardcode_into_libs" = yes; then ++ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= +@@ -4397,6 +4398,27 @@ EOF + # Now hardcode the library paths + rpath= + hardcode_libdirs= ++ ++ # short circuit putting rpaths in executables ++ # ++ if test "x$wrs_use_rpaths" != "xyes" ; then ++ flag= ++ for libdir in $compile_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ compile_rpath="$flag" ++ ++ flag= ++ for libdir in $finalize_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ finalize_rpath="$flag" ++ fi ++ + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/fix-libtool-name.patch new file mode 100644 index 0000000000..027af04c3b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/fix-libtool-name.patch @@ -0,0 +1,55 @@ +Fix build scripts to use correct libtool filename + +Upstream-Status: Inappropriate [configuration] + +--- + httpd-2.4.2/build/config_vars.sh.in | 2 +- + httpd-2.4.2/configure | 2 +- + httpd-2.4.2/configure.in | 2 +- + httpd-2.4.2/support/apxs.in | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +--- a/build/config_vars.sh.in ++++ b/build/config_vars.sh.in +@@ -35,7 +35,7 @@ else + APU_CONFIG=@APU_CONFIG@ + fi + +-APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" ++APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" + APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" + test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" + +--- a/configure ++++ b/configure +@@ -6205,7 +6205,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/configure.in ++++ b/configure.in +@@ -264,7 +264,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/support/apxs.in ++++ b/support/apxs.in +@@ -352,7 +352,7 @@ if ($apr_major_version < 2) { + } + } + +-my $libtool = `$apr_config --apr-libtool`; ++my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; + chomp($libtool); + + my $apr_includedir = `$apr_config --includes`; diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-corelimit.patch new file mode 100644 index 0000000000..18e4107ec7 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-corelimit.patch @@ -0,0 +1,37 @@ + +Bump up the core size limit if CoreDumpDirectory is +configured. + +Upstream-Status: Pending + +Note: upstreaming was discussed but there are competing desires; + there are portability oddities here too. + +--- httpd-2.4.1/server/core.c.corelimit ++++ httpd-2.4.1/server/core.c +@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * + } + apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, + apr_pool_cleanup_null); ++ ++#ifdef RLIMIT_CORE ++ if (ap_coredumpdir_configured) { ++ struct rlimit lim; ++ ++ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { ++ lim.rlim_cur = lim.rlim_max; ++ if (setrlimit(RLIMIT_CORE, &lim) == 0) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "core dump file size limit raised to %lu bytes", ++ lim.rlim_cur); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, ++ "core dump file size is zero, setrlimit failed"); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-selinux.patch new file mode 100644 index 0000000000..873328d9b5 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-selinux.patch @@ -0,0 +1,63 @@ + +Log the SELinux context at startup. + +Upstream-Status: Inappropriate [other] + +Note: unlikely to be any interest in this upstream + +--- httpd-2.4.1/configure.in.selinux ++++ httpd-2.4.1/configure.in +@@ -458,6 +458,11 @@ fopen64 + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include +--- httpd-2.4.1/server/core.c.selinux ++++ httpd-2.4.1/server/core.c +@@ -58,6 +58,10 @@ + #include + #endif + ++#ifdef HAVE_SELINUX ++#include ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * + } + #endif + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-export.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-export.patch new file mode 100644 index 0000000000..afbed8e550 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-export.patch @@ -0,0 +1,22 @@ + +There is no need to "suck in" the apr/apr-util symbols when using +a shared libapr{,util}, it just bloats the symbol table; so don't. + +Upstream-HEAD: needed +Upstream-2.0: omit +Upstream-Status: Pending + +Note: EXPORT_DIRS change is conditional on using shared apr + +--- httpd-2.4.4/server/Makefile.in.export ++++ httpd-2.4.4/server/Makefile.in +@@ -57,9 +57,6 @@ export_files: + ( for dir in $(EXPORT_DIRS); do \ + ls $$dir/*.h ; \ + done; \ +- for dir in $(EXPORT_DIRS_APR); do \ +- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ +- done; \ + ) | sed -e s,//,/,g | sort -u > $@ + + exports.c: export_files diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch new file mode 100644 index 0000000000..ba282319d2 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch @@ -0,0 +1,260 @@ +Add support for TLS Next Protocol Negotiation: + +* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new + hooks for next protocol advertisement/discovery. + +* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable + NPN advertisement callback in handshake. + +* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke + next-protocol discovery hook. + +* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): + New callback. + +* modules/ssl/ssl_private.h: Add prototype. + +Submitted by: Matthew Steele + with slight tweaks by jorton + +https://bugzilla.redhat.com//show_bug.cgi?id=809599 + +http://svn.apache.org/viewvc?view=revision&revision=1332643 + +Upstream-Status: Backport + +--- httpd-2.4.4/modules/ssl/ssl_private.h ++++ httpd-2.4.4/modules/ssl/ssl_private.h +@@ -139,6 +139,11 @@ + #define HAVE_FIPS + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ ++ && !defined(OPENSSL_NO_TLSEXT) ++#define HAVE_TLS_NPN ++#endif ++ + #if (OPENSSL_VERSION_NUMBER >= 0x10000000) + #define MODSSL_SSL_CIPHER_CONST const + #define MODSSL_SSL_METHOD_CONST const +@@ -840,6 +845,7 @@ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); + int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, HMAC_CTX *, int); + #endif ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); + + /** Session Cache Support */ + void ssl_scache_init(server_rec *, apr_pool_t *); +--- httpd-2.4.4/modules/ssl/mod_ssl.c ++++ httpd-2.4.4/modules/ssl/mod_ssl.c +@@ -272,6 +272,18 @@ static const command_rec ssl_config_cmds[] = { + AP_END_CMD + }; + ++/* Implement 'modssl_run_npn_advertise_protos_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos), ++ (connection, protos), OK, DECLINED); ++ ++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), ++ (connection, proto_name, proto_name_len), OK, DECLINED); ++ + /* + * the various processing hooks + */ +--- httpd-2.4.4/modules/ssl/mod_ssl.h ++++ httpd-2.4.4/modules/ssl/mod_ssl.h +@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); + + APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); + ++/** The npn_advertise_protos optional hook allows other modules to add entries ++ * to the list of protocol names advertised by the server during the Next ++ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is ++ * given the connection and an APR array; it should push one or more char*'s ++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto ++ * the array and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos)); ++ ++/** The npn_proto_negotiated optional hook allows other modules to discover the ++ * name of the protocol that was chosen during the Next Protocol Negotiation ++ * (NPN) portion of the SSL handshake. Note that this may be the empty string ++ * (in which case modules should probably assume HTTP), or it may be a protocol ++ * that was never even advertised by the server. The hook callee is given the ++ * connection, a non-null-terminated string containing the protocol name, and ++ * the length of the string; it should do something appropriate (i.e. insert or ++ * remove filters) and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, ++ apr_size_t proto_name_len)); ++ + #endif /* __MOD_SSL_H__ */ + /** @} */ +--- httpd-2.4.4/modules/ssl/ssl_engine_init.c ++++ httpd-2.4.4/modules/ssl/ssl_engine_init.c +@@ -725,6 +725,11 @@ static void ssl_init_ctx_callbacks(server_rec *s, + #endif + + SSL_CTX_set_info_callback(ctx, ssl_callback_Info); ++ ++#ifdef HAVE_TLS_NPN ++ SSL_CTX_set_next_protos_advertised_cb( ++ ctx, ssl_callback_AdvertiseNextProtos, NULL); ++#endif + } + + static void ssl_init_ctx_verify(server_rec *s, +--- httpd-2.4.4/modules/ssl/ssl_engine_io.c ++++ httpd-2.4.4/modules/ssl/ssl_engine_io.c +@@ -28,6 +28,7 @@ + core keeps dumping.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "apr_date.h" + + /* _________________________________________________________________ +@@ -297,6 +298,7 @@ typedef struct { + apr_pool_t *pool; + char buffer[AP_IOBUFSIZE]; + ssl_filter_ctx_t *filter_ctx; ++ int npn_finished; /* 1 if NPN has finished, 0 otherwise */ + } bio_filter_in_ctx_t; + + /* +@@ -1385,6 +1387,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, + APR_BRIGADE_INSERT_TAIL(bb, bucket); + } + ++#ifdef HAVE_TLS_NPN ++ /* By this point, Next Protocol Negotiation (NPN) should be completed (if ++ * our version of OpenSSL supports it). If we haven't already, find out ++ * which protocol was decided upon and inform other modules by calling ++ * npn_proto_negotiated_hook. */ ++ if (!inctx->npn_finished) { ++ const unsigned char *next_proto = NULL; ++ unsigned next_proto_len = 0; ++ ++ SSL_get0_next_proto_negotiated( ++ inctx->ssl, &next_proto, &next_proto_len); ++ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, ++ "SSL NPN negotiated protocol: '%s'", ++ apr_pstrmemdup(f->c->pool, (const char*)next_proto, ++ next_proto_len)); ++ modssl_run_npn_proto_negotiated_hook( ++ f->c, (const char*)next_proto, next_proto_len); ++ inctx->npn_finished = 1; ++ } ++#endif ++ + return APR_SUCCESS; + } + +@@ -1866,6 +1889,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, + inctx->block = APR_BLOCK_READ; + inctx->pool = c->pool; + inctx->filter_ctx = filter_ctx; ++ inctx->npn_finished = 0; + } + + /* The request_rec pointer is passed in here only to ensure that the +--- httpd-2.4.4/modules/ssl/ssl_engine_kernel.c ++++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c +@@ -29,6 +29,7 @@ + time I was too famous.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "util_md5.h" + + static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); +@@ -2186,3 +2187,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) + } + + #endif /* OPENSSL_NO_SRP */ ++ ++#ifdef HAVE_TLS_NPN ++/* ++ * This callback function is executed when SSL needs to decide what protocols ++ * to advertise during Next Protocol Negotiation (NPN). It must produce a ++ * string in wire format -- a sequence of length-prefixed strings -- indicating ++ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb ++ * in OpenSSL for reference. ++ */ ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, ++ unsigned int *size_out, void *arg) ++{ ++ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); ++ apr_array_header_t *protos; ++ int num_protos; ++ unsigned int size; ++ int i; ++ unsigned char *data; ++ unsigned char *start; ++ ++ *data_out = NULL; ++ *size_out = 0; ++ ++ /* If the connection object is not available, then there's nothing for us ++ * to do. */ ++ if (c == NULL) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Invoke our npn_advertise_protos hook, giving other modules a chance to ++ * add alternate protocol names to advertise. */ ++ protos = apr_array_make(c->pool, 0, sizeof(char*)); ++ modssl_run_npn_advertise_protos_hook(c, protos); ++ num_protos = protos->nelts; ++ ++ /* We now have a list of null-terminated strings; we need to concatenate ++ * them together into a single string, where each protocol name is prefixed ++ * by its length. First, calculate how long that string will be. */ ++ size = 0; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ unsigned int length = strlen(string); ++ /* If the protocol name is too long (the length must fit in one byte), ++ * then log an error and skip it. */ ++ if (length > 255) { ++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, ++ "SSL NPN protocol name too long (length=%u): %s", ++ length, string); ++ continue; ++ } ++ /* Leave room for the length prefix (one byte) plus the protocol name ++ * itself. */ ++ size += 1 + length; ++ } ++ ++ /* If there is nothing to advertise (either because no modules added ++ * anything to the protos array, or because all strings added to the array ++ * were skipped), then we're done. */ ++ if (size == 0) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Now we can build the string. Copy each protocol name string into the ++ * larger string, prefixed by its length. */ ++ data = apr_palloc(c->pool, size * sizeof(unsigned char)); ++ start = data; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ apr_size_t length = strlen(string); ++ *start = (unsigned char)length; ++ ++start; ++ memcpy(start, string, length * sizeof(unsigned char)); ++ start += length; ++ } ++ ++ /* Success. */ ++ *data_out = data; ++ *size_out = size; ++ return SSL_TLSEXT_ERR_OK; ++} ++#endif diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/replace-lynx-to-curl-in-apachectl-script.patch new file mode 100644 index 0000000000..584ddc8d94 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/replace-lynx-to-curl-in-apachectl-script.patch @@ -0,0 +1,52 @@ +From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 +From: Yulong Pei +Date: Thu, 1 Sep 2011 01:03:14 +0800 +Subject: [PATCH] replace lynx to curl in apachectl script + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Yulong Pei +--- + support/apachectl.in | 14 ++++++++++---- + 1 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/support/apachectl.in b/support/apachectl.in +index d4dff38..109ea13 100644 +--- a/support/apachectl.in ++++ b/support/apachectl.in +@@ -51,11 +51,11 @@ fi + # a command that outputs a formatted text version of the HTML at the + # url given on the command line. Designed for lynx, however other + # programs may work. +-LYNX="@LYNX_PATH@ -dump" ++CURL="/usr/bin/curl" + # + # the URL to your server's mod_status status page. If you do not + # have one, then status and fullstatus will not work. +-STATUSURL="http://localhost:@PORT@/server-status" ++STATUSURL="http://localhost:@PORT@/" + # + # Set this variable to a command that increases the maximum + # number of file descriptors allowed per child process. This is +@@ -91,10 +91,16 @@ configtest) + ERROR=$? + ;; + status) +- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + fullstatus) +- $LYNX $STATUSURL ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + *) + $HTTPD $ARGV +-- +1.6.4 + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/server-makefile.patch new file mode 100644 index 0000000000..f1349cb6a4 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/server-makefile.patch @@ -0,0 +1,11 @@ +--- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 ++++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 +@@ -27,7 +27,7 @@ + $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) + + test_char.h: gen_test_char +- ./gen_test_char > test_char.h ++ gen_test_char > test_char.h + + util.lo: test_char.h + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.4.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.4.bb deleted file mode 100644 index 2855648883..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.4.bb +++ /dev/null @@ -1,42 +0,0 @@ -DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ -extensible web server." -SUMMARY = "Apache HTTP Server" -HOMEPAGE = "http://httpd.apache.org/" -DEPENDS = "expat-native pcre-native apr-native apr-util-native" -SECTION = "net" -LICENSE = "Apache-2.0" - -inherit native - -SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2" - -S = "${WORKDIR}/httpd-${PV}" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" -SRC_URI[md5sum] = "0e712ee2119cd798c8ae39d5f11a9206" -SRC_URI[sha256sum] = "92aabddeca76a4ac7330b143df1407bbf35574c7291c15172238ac598d97655c" - -do_configure () { - ./configure --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ - --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ - --prefix=${prefix} --datadir=${datadir}/apache2 -} - -do_install () { - install -d ${D}${bindir} ${D}${libdir} - cp server/gen_test_char ${D}${bindir} - install -m 755 support/apxs ${D}${bindir}/ - install -m 755 httpd ${D}${bindir}/ - install -d ${D}${datadir}/apache2/build - cp build/*.mk ${D}${datadir}/apache2/build - cp build/instdso.sh ${D}${datadir}/apache2/build - - install -d ${D}${includedir}/apache2 - cp include/* ${D}${includedir}/apache2 - cp os/unix/os.h ${D}${includedir}/apache2 - cp os/unix/unixd.h ${D}${includedir}/apache2 - - cp support/envvars-std ${D}${bindir}/envvars - chmod 755 ${D}${bindir}/envvars -} - diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.6.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.6.bb new file mode 100644 index 0000000000..6efd469e17 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.6.bb @@ -0,0 +1,42 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "expat-native pcre-native apr-native apr-util-native" +SECTION = "net" +LICENSE = "Apache-2.0" + +inherit native + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2" + +S = "${WORKDIR}/httpd-${PV}" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" +SRC_URI[md5sum] = "ea5e361ca37b8d7853404419dd502efe" +SRC_URI[sha256sum] = "dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea" + +do_configure () { + ./configure --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --prefix=${prefix} --datadir=${datadir}/apache2 +} + +do_install () { + install -d ${D}${bindir} ${D}${libdir} + cp server/gen_test_char ${D}${bindir} + install -m 755 support/apxs ${D}${bindir}/ + install -m 755 httpd ${D}${bindir}/ + install -d ${D}${datadir}/apache2/build + cp build/*.mk ${D}${datadir}/apache2/build + cp build/instdso.sh ${D}${datadir}/apache2/build + + install -d ${D}${includedir}/apache2 + cp include/* ${D}${includedir}/apache2 + cp os/unix/os.h ${D}${includedir}/apache2 + cp os/unix/unixd.h ${D}${includedir}/apache2 + + cp support/envvars-std ${D}${bindir}/envvars + chmod 755 ${D}${bindir}/envvars +} + diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.4.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.4.bb deleted file mode 100644 index 8c9416a921..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.4.bb +++ /dev/null @@ -1,132 +0,0 @@ -DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ -extensible web server." -SUMMARY = "Apache HTTP Server" -HOMEPAGE = "http://httpd.apache.org/" -DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" -SECTION = "net" -LICENSE = "Apache-2.0" - -SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ - file://server-makefile.patch \ - file://httpd-2.4.1-corelimit.patch \ - file://httpd-2.4.4-export.patch \ - file://httpd-2.4.1-selinux.patch \ - file://httpd-2.4.4-r1332643.patch \ - file://apache-configure_perlbin.patch \ - file://replace-lynx-to-curl-in-apachectl-script.patch \ - file://apache-ssl-ltmain-rpath.patch \ - file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ - file://init" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" -SRC_URI[md5sum] = "0e712ee2119cd798c8ae39d5f11a9206" -SRC_URI[sha256sum] = "92aabddeca76a4ac7330b143df1407bbf35574c7291c15172238ac598d97655c" - -S = "${WORKDIR}/httpd-${PV}" - -inherit autotools update-rc.d - -CFLAGS_append = " -DPATH_MAX=4096" -CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " -EXTRA_OECONF = "--enable-ssl \ - --with-ssl=${STAGING_LIBDIR}/.. \ - --with-expat=${STAGING_LIBDIR}/.. \ - --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ - --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ - --enable-info \ - --enable-rewrite \ - --with-dbm=sdbm \ - --with-berkeley-db=no \ - --localstatedir=/var/${BPN} \ - --with-gdbm=no \ - --with-ndbm=no \ - --includedir=${includedir}/${BPN} \ - --datadir=${datadir}/${BPN} \ - --sysconfdir=${sysconfdir}/${BPN} \ - --libexecdir=${libdir}/${BPN}/modules \ - ap_cv_void_ptr_lt_long=no \ - --enable-mpms-shared \ - ac_cv_have_threadsafe_pollset=no" - -do_install_append() { - install -d ${D}/${sysconfdir}/init.d - cat ${WORKDIR}/init | \ - sed -e 's,/usr/sbin/,${sbindir}/,g' \ - -e 's,/usr/bin/,${bindir}/,g' \ - -e 's,/usr/lib,${libdir}/,g' \ - -e 's,/etc/,${sysconfdir}/,g' \ - -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} - chmod 755 ${D}/${sysconfdir}/init.d/${BPN} - # remove the goofy original files... - rm -rf ${D}/${sysconfdir}/${BPN}/original - # Expat should be found in the staging area via DEPENDS... - rm -f ${D}/${libdir}/libexpat.* - - install -d ${D}${sysconfdir}/${BPN}/conf.d - install -d ${D}${sysconfdir}/${BPN}/modules.d - - # Ensure configuration file pulls in conf.d and modules.d - printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - # match with that is in init script - printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf -} - -SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" - -apache_sysroot_preprocess () { - install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs - sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs - - sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk -} - -# -# implications - used by update-rc.d scripts -# -INITSCRIPT_NAME = "apache2" -INITSCRIPT_PARAMS = "defaults 91 20" -LEAD_SONAME = "libapr-1.so.0" - -PACKAGES = "${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" - -CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ - ${sysconfdir}/${BPN}/magic \ - ${sysconfdir}/${BPN}/mime.types \ - ${sysconfdir}/init.d/${BPN} " - -# we override here rather than append so that .so links are -# included in the runtime package rather than here (-dev) -# and to get build, icons, error into the -dev package -FILES_${PN}-dev = "${datadir}/${BPN}/build \ - ${datadir}/${BPN}/icons \ - ${datadir}/${BPN}/error \ - ${bindir}/apr-config ${bindir}/apu-config \ - ${libdir}/apr*.exp \ - ${includedir}/${BPN} \ - ${libdir}/*.la \ - ${libdir}/*.a" - -# manual to manual -FILES_${PN}-doc += " ${datadir}/${BPN}/manual" - -# -# override this too - here is the default, less datadir -# -FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ - ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ - ${libdir}/${BPN}" - -# we want htdocs and cgi-bin to go with the binary -FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin" - -#make sure the lone .so links also get wrapped in the base package -FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" - -FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" - -RDEPENDS_${PN} += "openssl libgcc" diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.6.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.6.bb new file mode 100644 index 0000000000..f230f94070 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.6.bb @@ -0,0 +1,132 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" +SECTION = "net" +LICENSE = "Apache-2.0" + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ + file://server-makefile.patch \ + file://httpd-2.4.1-corelimit.patch \ + file://httpd-2.4.4-export.patch \ + file://httpd-2.4.1-selinux.patch \ + file://httpd-2.4.4-r1332643.patch \ + file://apache-configure_perlbin.patch \ + file://replace-lynx-to-curl-in-apachectl-script.patch \ + file://apache-ssl-ltmain-rpath.patch \ + file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ + file://init" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" +SRC_URI[md5sum] = "ea5e361ca37b8d7853404419dd502efe" +SRC_URI[sha256sum] = "dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea" + +S = "${WORKDIR}/httpd-${PV}" + +inherit autotools update-rc.d + +CFLAGS_append = " -DPATH_MAX=4096" +CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " +EXTRA_OECONF = "--enable-ssl \ + --with-ssl=${STAGING_LIBDIR}/.. \ + --with-expat=${STAGING_LIBDIR}/.. \ + --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --enable-info \ + --enable-rewrite \ + --with-dbm=sdbm \ + --with-berkeley-db=no \ + --localstatedir=/var/${BPN} \ + --with-gdbm=no \ + --with-ndbm=no \ + --includedir=${includedir}/${BPN} \ + --datadir=${datadir}/${BPN} \ + --sysconfdir=${sysconfdir}/${BPN} \ + --libexecdir=${libdir}/${BPN}/modules \ + ap_cv_void_ptr_lt_long=no \ + --enable-mpms-shared \ + ac_cv_have_threadsafe_pollset=no" + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + cat ${WORKDIR}/init | \ + sed -e 's,/usr/sbin/,${sbindir}/,g' \ + -e 's,/usr/bin/,${bindir}/,g' \ + -e 's,/usr/lib,${libdir}/,g' \ + -e 's,/etc/,${sysconfdir}/,g' \ + -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} + chmod 755 ${D}/${sysconfdir}/init.d/${BPN} + # remove the goofy original files... + rm -rf ${D}/${sysconfdir}/${BPN}/original + # Expat should be found in the staging area via DEPENDS... + rm -f ${D}/${libdir}/libexpat.* + + install -d ${D}${sysconfdir}/${BPN}/conf.d + install -d ${D}${sysconfdir}/${BPN}/modules.d + + # Ensure configuration file pulls in conf.d and modules.d + printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + # match with that is in init script + printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf +} + +SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" + +apache_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + + sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk +} + +# +# implications - used by update-rc.d scripts +# +INITSCRIPT_NAME = "apache2" +INITSCRIPT_PARAMS = "defaults 91 20" +LEAD_SONAME = "libapr-1.so.0" + +PACKAGES = "${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" + +CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ + ${sysconfdir}/${BPN}/magic \ + ${sysconfdir}/${BPN}/mime.types \ + ${sysconfdir}/init.d/${BPN} " + +# we override here rather than append so that .so links are +# included in the runtime package rather than here (-dev) +# and to get build, icons, error into the -dev package +FILES_${PN}-dev = "${datadir}/${BPN}/build \ + ${datadir}/${BPN}/icons \ + ${datadir}/${BPN}/error \ + ${bindir}/apr-config ${bindir}/apu-config \ + ${libdir}/apr*.exp \ + ${includedir}/${BPN} \ + ${libdir}/*.la \ + ${libdir}/*.a" + +# manual to manual +FILES_${PN}-doc += " ${datadir}/${BPN}/manual" + +# +# override this too - here is the default, less datadir +# +FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ + ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ + ${libdir}/${BPN}" + +# we want htdocs and cgi-bin to go with the binary +FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin" + +#make sure the lone .so links also get wrapped in the base package +FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" + +FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" + +RDEPENDS_${PN} += "openssl libgcc" -- cgit 1.2.3-korg